This tutorial is part of our tutorial series on WordPress Security. In this tutorial, we provide a number of software security tips to help tighten your WordPress security and overall web security.
Software Security Tips
Below are some important tips and useful information to keep in mind regarding keeping your computer protected from malware attacks.
Don’t Run More Than One Security Program At The Same Time
Running more than one antivirus program at the same time can potentially cause conflicts that affect PC performance. Don’t run more than one antivirus program at the same time. You will cancel out the protection afforded by these programs.
Keep Your Antivirus Definitions Updated
For the most part, your antivirus software can only protect your computer from known threats.
New malware and new viruses (i.e. unknown threats) are continually being developed and regularly unleashed on online users by hackers and malicious users.
Much like scientists working on developing medical vaccines, when antivirus companies discover, are notified and/or get hold of new harmful scripts and viruses, they work on quickly developing a way to protect your computer from being infected by these newly detected threats, and release the new protection methods as updated “definitions”.
Some companies release new definitions for their software on a weekly basis. It’s really important, therefore, to keep your antivirus software definitions regularly updated. Fortunately, most software programs let you set your computer to receive automatic antivirus definition updates.
If you have your computer turned off for a long time, make sure that one of the first things you do when you go back online is to update your definitions.
Configure Your Antivirus Settings To Perform Regular Full System Scans
Just as we recommend keeping your antivirus definitions updated, it’s also a good idea to perform full system scans of your computer on a regular basis, including email scans. Once again, most security software programs let you set up automated scans.
Only Download Software Programs From Trusted Sites
Downloading files and software from unsecured and untrustworthy sites is one of the main ways computers get infected with malware. Sites can be very appealing, and entice users with “free” downloads, such as games, videos, screensavers, ringtones, cheats, money-making “secrets”, and even free WordPress plugins and themes.
If in doubt about the trustworthiness of a website, look for the following signs:
- The site displays a secure connection in your browser address bar. Look for a secure connection (e.g. ‘https://’ insted of ‘http’) and a security symbol, like a padlock, etc. Secured sites should change from the http:// prefix to https:// or shttp:// when you are prompted to type in a user name and password. Note, however, that just because a site transmits data securely, it doesn’t mean it has a good reputation. See the other indicators below for additional signs to look for.
- The site displays a trust certificate from a reliable organization (e.g. Better Business Bureau).
- The site is the official website of a popular brand or name (e.g. eBay, Google, Amazon, etc).
- Search for website reviews. Type in “name of site + review” (e.g. “xyz.com review”) into Google and go through some of the results to see what other users experiences with that site have been. Alternatively, type in “name of site + scam” (e.g. “xyz.com scam”) and see if anything comes back.
- Look for suspicious activity. Be wary of sites that ask for personal information for no good reason. If you’re not buying anything, you don’t need to give any information away.
- Links sent through email. Classic ‘phishing’ emails purport to come from well-known sites (e.g. ‘paypal.com’) but when links are hovered over with the mouse, they show a completely different domain name as the destination address. Unless you know and trust the sender, be wary of phishing scams and try to avoid clicking on website links in emails as much as possible.
- Sales letters that seem to be too good to be true. You know the old saying, “if it seems to good to be true …”
Install A Security Toolbar
Many antivirus and antispyware programs offer the option of installing a toolbar on your browser with security features as an additional line of defense …
Many security toolbars include features that block pop-ups, spam, and known phishing sites. Some can even detect potential consumer scams and warn you when you visit a suspicious site.
Can’t I Just Use A Firewall To Protect My Computer From Malware?
While we recommend using a firewall, the main purpose of a firewall is to stop other people from breaking into your system or computer network remotely. A firewall can’t stop malware from infecting your computer if you have allowed it to come in (e.g. by opening up a malicious attachment, or downloading infected files to your hard drive.
Why Not Just Use My ISP’s Antivirus?
Many Internet Service Providers (ISP) and free email providers offer some form of antivirus protection at the server level. While it’s great to have this added layer of protection, server-level antivirus programs can’t protect your computer from getting infected by malware downloaded from infected or malicious websites.
Create Separate User Accounts
It’s a good idea to create user accounts separate from the default administrator account, especially if you work from home, and other members of your family access your computer. By keeping admin and user accounts separate, you only need to log in as the administrator when changes to the computer are required. This minimizes the frequency of accessing the admin account, which limits opportunities or hacking.
You may also want to create an individual user account for each member of your family who uses the computer. This will allow each person to keep his or her information private.
Don’t Share Files With People You Don’t Know
Sharing files can allow a hacker to look at information stored on your computer or plant a virus to infect your computer. Learn about the risks of file sharing, and learn how to disable file sharing on your operating system to prevent these risks. If a file sharing program is installed on your computer, be sure that it does not run automatically when you boot up your computer.
Delete Unused Software Programs
Programs that you no longer use are usually not updated and may not have the security patches that could stop a hacker from accessing your computer. Back them up to an external drive and then delete/uninstall these programs from your machine.
Read The Software License Agreement
Before installing any downloaded software, review the End-User License Agreement (EULA). This is the legal contract between a software application author or publisher and the user of that application. Many free downloads come with spyware and other programs that you would not want installed on your computer. By reading the software agreement carefully, you will be able to find out if the software you are installing comes with any “hidden” extras.
Don’t Use Unlicensed Software
Pirated software is illegal, and sites that distribute illegal software are often loaded with malware. Unlicensed software can also be susceptible to viruses and incompatible with updates and patches designed to fix vulnerabilities in the software. Some unlicensed software copies may even come with viruses pre-installed.
Don’t Install Unknown Devices Into Your Computer
If you find a USB drive that does not belong to you, do not plug it into your computer, as it may be a trap for unsuspecting users to test their curiosity and could deliberately contain viruses. Treat it like any lost public property and hand it over to an authority or to the police.
What To Do If All Else Fails
If you suspect that malware is affecting your computer, stop any online activities that involve usernames, passwords, or other personal information immediately. Scan your computer with an antivirus software and delete anything that the program finds to be suspicious. If the problem is not resolved call for professional technical help from a computer security services company, repair shop, or your computer manufacturer.
If despite all of your efforts to keep your computer secure, you end up discovering that your computer has become badly infected, you may end up having no choice but to perform a complete reinstall of your computer operating system and restore your data from a previous backup. This is why it’s so important to have a computer backup system in place before disaster strikes.
To learn more about creating a computer backup system, see the tutorial below:
Congratulations! Now you know how to protect your computer from malicious software and software-based security threats.
Review Software Security Tutorials …
- Software Security Guide For WordPress Users
- Common Software Security Threats
- How To Prevent Malware Attacks: Antispyware, Antivirus, and Firewall Software
- User Security: Learn how to protect your assets from unauthorized users.
- Password Security: Learn how to improve password security everywhere.
- Browser Security: Learn how to keep your internet browser secure and browse safely online.
"If you're new to WordPress, this can stand on its own as a training course and will stay with you as you progress from beginner to advanced and even guru status." - Bruce (Columbus, Ohio)